Spear Phishing Warning and General Digital Security

In addition to the usual reports of both internal and external email/website phishing we are seeing a rise in “spear phishing” where an attempt is made to compromise a specific user using publicly-available information to appear to be a trusted entity. The end of this email describes such an attack initiated with a telephone call that happened recently in our department.

Someone finds an online poster for a future conference. They look up a speaker’s office phone number and email address. They call the speaker’s office, and tell them that they are booking the hotel for them for the conference (they know the conference location and dates). They ask the speaker to provide their credit card information to secure the room; they say that the credit card will not be charged, that this is just to secure the room. However, the organizers of conference confirmed they did not place the call to the speaker.